IP SECURITY - PowerPoint PPT Presentation

Slides: 40
Provided by: jacks50

Transcript and Presenter's Notes

1
IP SECURITY
2
IPSec: Three Functional Areas
  • IPSec encompasses three functions:
    • Authentication
      • Identifies the source address, i.e., guards against address
        forgery.
      • Guards against alteration (the payload is transmitted in
        plaintext only).
    • Confidentiality
      • Prevents eavesdropping by third parties (the payload is
        transmitted as ciphertext).
    • Key management
      • Exchanges the secret keys securely.

3
IPSec Overview
  • Flexibility
    • Not a single protocol but a general framework: the security
      algorithms are decided by the pair of communicating entities.
  • Transparent to applications
    • Encrypts and/or authenticates all traffic at the IP level, so
      all distributed applications can be secured.

4
  • Applications
    • Secure branch office connectivity over the Internet
    • Secure remote access over the Internet
    • Establishing extranet and intranet connectivity with partners
    • Enhancing electronic commerce security

5
IPSec Scenario
6
IPSec Document Overview
7
Security Association (SA)
  • A one-way relationship between a sender and a receiver that
    specifies the security parameters for the traffic it carries.
  • How to protect the traffic, what traffic is to be protected, and
    with whom the protection is shared.
  • Typically, SAs exist in pairs, one in each direction.
  • SAs reside in the Security Association Database (SAD).

8
  • Identified by three parameters
    • Security Parameter Index (SPI)
      • Bit string assigned to a particular SA; locally significant
        only.
      • Carried in the AH or ESP header.
    • IP destination address
      • Unicast addresses only.
    • Security protocol identifier
      • Indicates whether the SA is AH or ESP.

9
Security Association Database (SAD)
  • Defines the parameters associated with each SA.
  • The functionality provided by the SAD must be present in every
    IPSec implementation, but how it is represented is up to the
    implementor.

10
The 8 SA Parameters in the SAD
  • Sequence Number Counter
    • 32-bit value
    • Used to generate the Sequence Number field of the AH or ESP
      header
  • Sequence Counter Overflow
    • On overflow, generate an auditable event and terminate the SA.
  • Anti-Replay Window
    • Determines whether an inbound AH or ESP packet is a replay.

11
  • AH Information
    • All the details of the authentication algorithm used within this
      SA.
  • ESP Information
    • All the details of the encryption algorithm used within this SA.
  • Lifetime of this Security Association
  • IPSec Protocol Mode
    • Tunnel, transport, or wildcard.
  • Path MTU

12
Anti-Replay Mechanism
  • Sequence number (sender)
    • 1. The sender initializes a sequence number counter when a new
      SA is established.
    • 2. The sender increments the sequence number by one for each
      packet sent on this SA, until the limit, 2^32 - 1, is reached.
    • 3. The sender should terminate an SA whose sequence number has
      reached the maximum and negotiate a new SA with a new key.

13
  • Sliding receive window (Receiver)
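
The sender's counter from slide 12 and the receiver's sliding window from this slide, as an added example that is not part of the original slides. The window size and the sample arrival order are constructed; the bitmap scheme follows the usual AH/ESP anti-replay design.

```python
# Added example (not part of the slides): AH/ESP sequence counter on the sender
# and the receiver's sliding anti-replay window. Window size and the sample
# arrival order are constructed.

SEQ_MAX = 2**32 - 1  # AH/ESP sequence numbers are 32-bit


class OutboundSA:
    """Sender side: one monotonically increasing counter per SA."""

    def __init__(self):
        self.seq = 0

    def next_seq(self):
        if self.seq == SEQ_MAX:
            # Never wrap: the SA must be torn down and renegotiated.
            raise OverflowError("sequence counter exhausted; renegotiate SA")
        self.seq += 1
        return self.seq


class InboundSA:
    """Receiver side: window of W sequence numbers ending at the highest one
    accepted so far ('right'); bit i of 'seen' marks right - i as accepted."""

    def __init__(self, window=64):
        self.window = window
        self.right = 0
        self.seen = 0

    def check_and_update(self, seq):
        """Return True and record seq if fresh; False if replayed or too old."""
        if seq == 0:                        # 0 is never sent on an SA
            return False
        if seq > self.right:                # advances the window
            shift = seq - self.right
            self.seen = ((self.seen << shift) | 1) & ((1 << self.window) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.window:           # fell off the left edge: too old
            return False
        if self.seen & (1 << offset):       # inside window, already seen
            return False
        self.seen |= 1 << offset
        return True


def run_sample():
    """Constructed arrival order: in order, reordered, replayed, stale."""
    sa = InboundSA(window=8)
    return [sa.check_and_update(s) for s in [1, 3, 2, 3, 10, 2, 9, 11]]
```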

14
Security Policy Database (SPD)
  • Maintains the IPSec policies.
  • Each entry defines:
    • Which IP traffic is to be protected:
      IP traffic -> selectors -> IPSec policy (SPD entry).
    • How to protect it: one of three actions to take when IP traffic
      matches the entry:
      • Discard
      • Bypass
      • Apply -> an SA or a bundle of SAs.
    • With whom the protection is shared.

15
  • Maps to the SAD (per packet or per SPD entry); in other words, the
    entry points to the SA(s) for a given kind of IP traffic.

16
The 10 SA Selectors in the SPD
  • Destination IP address
  • Source IP address
  • User ID
  • Data sensitivity level
  • Transport-layer protocol
  • IPSec protocol
  • Source and destination ports
  • IPv6 Class
  • IPv6 Flow Label
  • IPv4 Type of Service (TOS)
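
A first-match SPD over four of the selectors listed above (source and destination address, transport protocol, destination port), returning one of the three actions from slide 14; this is an added example, not code from the slides. The networks, ports, gateway address and the sa_params dictionary are constructed.

```python
# Added example (not part of the slides): an ordered SPD over a subset of the
# selectors above. Addresses, ports and the policy below are constructed.
import ipaddress
from dataclasses import dataclass, field

DISCARD, BYPASS, PROTECT = "discard", "bypass", "protect"  # the three actions
ANY = None                                                 # wildcard selector


@dataclass
class Packet:
    src: str
    dst: str
    proto: int        # transport protocol number: 6 = TCP, 17 = UDP
    dport: int = 0


@dataclass
class SPDEntry:
    action: str
    src: str = ANY         # CIDR network, or ANY
    dst: str = ANY
    proto: int = ANY
    dport: tuple = ANY     # (low, high) destination port range, or ANY
    sa_params: dict = field(default_factory=dict)  # how to protect (PROTECT)

    def matches(self, pkt):
        def in_net(addr, net):
            return net is ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return (in_net(pkt.src, self.src) and in_net(pkt.dst, self.dst)
                and (self.proto is ANY or self.proto == pkt.proto)
                and (self.dport is ANY or self.dport[0] <= pkt.dport <= self.dport[1]))


def lookup(spd, pkt):
    """First match wins (ordered SPD); traffic matching nothing is discarded."""
    for entry in spd:
        if entry.matches(pkt):
            return entry.action, entry.sa_params
    return DISCARD, {}


# Constructed policy: DNS bypasses IPSec, branch-to-HQ traffic is protected by
# tunnel-mode ESP to the HQ gateway, and everything else is discarded.
SPD = [
    SPDEntry(BYPASS, proto=17, dport=(53, 53)),
    SPDEntry(PROTECT, src="10.1.0.0/16", dst="10.2.0.0/16",
             sa_params={"protocol": "ESP", "mode": "tunnel", "peer": "203.0.113.1"}),
    SPDEntry(DISCARD),
]
```

Because an SA is one-way, the reverse direction (10.2.0.0/16 to 10.1.0.0/16) needs its own SPD entry and its own SA; with the policy above it is discarded.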

17
IPSec
  • SA
    • AH or ESP or ESP/AH
  • AH
    • Authentication only, i.e., the payload of the IP packet is
      transmitted in plaintext.
  • ESP
    • Authentication is optional.
    • The payload is transmitted as ciphertext.
  • Each of AH and ESP has two modes
    • Transport
    • Tunnel

18
Transport Mode vs. Tunnel Mode
  • Transport mode
    • Only the IP payload is protected.
    • The original IP header stays on the outside, so the end hosts'
      addresses remain the outer addresses.
  • Tunnel mode
    • The entire IP packet (including its IP header and addresses) is
      protected.
    • A router's or firewall's IP address becomes the outer destination
      address instead.

19
Authentication Header (AH)
  • Designed to provide
    • Integrity
    • Authentication
  • Does not support
    • Confidentiality
  • Guards against replay attacks

20
AH Fields
  • Next Header
    • Identifies the type of the header that follows AH.
    • The IP protocol number for AH itself is 51.
  • Payload Length
    • Length of AH in 32-bit words, minus 2.
    • In the default case (96-bit ICV), the value is 4.
  • Reserved
    • For future use.
  • SPI
    • Identifies an SA.
  • Sequence Number
    • A monotonically increasing counter for anti-replay.

21
  • Authentication Data
    • Contains the integrity check value (ICV), a message
      authentication code (MAC) computed with:
      • HMAC-MD5-96
      • HMAC-SHA-1-96

22
MAC Calculation
  • IP header
    • Immutable fields: included.
    • Mutable but predictable fields: included, with the value they
      will have on arrival.
    • Mutable and unpredictable fields: set to zero.
      • TOS, Flags, TTL, IP header checksum, Fragment Offset
  • AH header
    • Everything other than the Authentication Data field, which is
      set to zero for the calculation.
  • IP payload
    • Immutable.
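
The AH fields of slides 20 and 21 and the MAC calculation above, carried through for a transport-mode IPv4 packet with HMAC-SHA-1-96, as an added example that is not part of the slides. The key, addresses (passed as 4-byte strings) and payload are constructed; there are no IP options, so the mutable-but-predictable case does not arise.

```python
# Added example (not part of the slides): AH ICV for a transport-mode IPv4 packet
# with HMAC-SHA-1-96. Key, addresses and payload are constructed; addresses are
# passed as 4-byte strings.
import hashlib
import hmac
import struct

AH_PROTO = 51
ICV_LEN = 12          # HMAC-SHA-1-96 keeps the first 96 bits of the 160-bit tag
IPV4_FMT = "!BBHHHBBH4s4s"


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left 0 (it is not covered anyway)."""
    return struct.pack(IPV4_FMT, 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)


def zero_mutable(ip_hdr):
    """Zero TOS, flags+fragment offset, TTL and checksum: they change in transit."""
    ver_ihl, _tos, tl, ident, _ff, _ttl, proto, _ck, src, dst = struct.unpack(IPV4_FMT, ip_hdr)
    return struct.pack(IPV4_FMT, ver_ihl, 0, tl, ident, 0, 0, proto, 0, src, dst)


def ah_fixed(next_hdr, spi, seq):
    """First 12 bytes of AH: Next Header, Payload Len, Reserved, SPI, Sequence."""
    payload_len = (12 + ICV_LEN) // 4 - 2        # AH length in words minus 2 == 4
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq)


def compute_icv(key, ip_hdr, ah_fixed_part, payload):
    """HMAC over zeroed IP header + AH with its ICV zeroed + immutable payload."""
    covered = zero_mutable(ip_hdr) + ah_fixed_part + b"\0" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, payload, spi, seq, inner_proto=17):
    """Sender: IP | AH | payload in transport mode. Returns (packet, icv)."""
    ah = ah_fixed(inner_proto, spi, seq)
    ip = ipv4_header(src, dst, AH_PROTO, 20 + len(ah) + ICV_LEN + len(payload))
    icv = compute_icv(key, ip, ah, payload)
    return ip + ah + icv + payload, icv


def verify_ah_packet(key, packet):
    """Receiver: recompute over the packet as received (TTL etc. may differ)."""
    ip, ah, icv, payload = packet[:20], packet[20:32], packet[32:44], packet[44:]
    return hmac.compare_digest(icv, compute_icv(key, ip, ah, payload))
```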

23
Mutable Field in IPv4 Format
24
Mutable Fields in IPv6 Format
Extension Header
25
IPv6 with Extension Headers
26
AH Format
27
Origin IPv4 and IPv6
28
Transport Mode AH
29
Tunnel Mode AH
30
AH Approach
(Figure: transport SA, transport SA, tunnel SA)
31
Encapsulating Security Payload (ESP)
  • ESP
    • Provides confidentiality only.
  • ESP/AH
    • Supports both encryption and authentication.

32
ESP Fields
  • Security Parameters Index (SPI)
    • Identifies a particular SA.
  • Sequence Number
    • The same as in AH.
  • Payload Data
    • Protected by encryption.
  • Padding
    • As required by the encryption algorithm.
  • Next Header
    • Identifies the type of data contained in the payload.
    • The IP protocol number for ESP itself is 50.
  • Authentication Data
    • MAC computed over the ESP packet minus the Authentication Data
      field.

33
ESP Format
34
Encryption and Authentication in ESP
  • Encryption algorithm
    • The cryptographic synchronization data (IV) may be carried at the
      beginning of the payload.
    • Although part of the ciphertext field, the IV is not, in general,
      encrypted.
    • Essential: DES in CBC mode.
    • Others: 3DES, RC5, IDEA, 3IDEA, CAST, Blowfish (symmetric-key
      encryption).
  • Authentication algorithm
    • The same as in AH.
  • The ciphertext covers the payload and the ESP trailer.
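
The padding, trailer and Authentication Data rules from slide 32 and this slide, as an added example that is not part of the slides: the payload is padded so that payload, padding and the two trailer bytes fill whole 8-byte blocks (DES-CBC), and the ICV covers everything except itself. The cipher is a caller-supplied function; because the standard library ships no DES, the block uses an identity stand-in (labelled as not a cipher) so the layout and ICV coverage can be exercised. Key, SPI, IV and payload are constructed.

```python
# Added example (not part of the slides): ESP payload + padding + trailer for an
# 8-byte-block cipher such as DES-CBC, and the ICV over everything except the
# Authentication Data. Key, SPI, IV and payload are constructed.
import hashlib
import hmac
import struct

BLOCK = 8      # DES/3DES block size
ICV_LEN = 12   # HMAC-SHA-1-96


def esp_trailer(payload, next_hdr, block=BLOCK):
    """payload | padding | Pad Length | Next Header, aligned to the block size."""
    pad_len = (-(len(payload) + 2)) % block       # leave room for the 2 trailer bytes
    padding = bytes(range(1, pad_len + 1))        # default padding: 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_hdr])


def stand_in_cipher(iv, data):
    """NOT a cipher: identity stand-in so the example stays stdlib-only.
    A real SA plugs DES-CBC/AES-CBC in here; the packet layout is unchanged."""
    return bytes(data)


def build_esp(auth_key, encrypt, spi, seq, iv, payload, next_hdr):
    """Sender: SPI | Seq | IV | ciphertext(payload + trailer) | ICV."""
    ciphertext = encrypt(iv, esp_trailer(payload, next_hdr))
    body = struct.pack("!II", spi, seq) + iv + ciphertext
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]  # ICV itself excluded
    return body + icv


def open_esp(auth_key, decrypt, packet, block=BLOCK):
    """Receiver: check the ICV before decrypting, then validate and strip the
    trailer. Returns (next_header, payload) or None on any failure."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None
    iv, ciphertext = body[8:8 + block], body[8 + block:]
    plain = decrypt(iv, ciphertext)
    pad_len, next_hdr = plain[-2], plain[-1]
    if pad_len + 2 > len(plain):
        return None
    payload, padding = plain[:-2 - pad_len], plain[-2 - pad_len:-2]
    if padding != bytes(range(1, pad_len + 1)):   # default padding must verify
        return None
    return next_hdr, payload
```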

35
Transport Mode ESP
36
Tunnel Mode ESP
37
ESP Approach
38
Functionality of Tunnel and Transport Mode
  • AH
    • Transport mode SA: authenticates the IP payload and selected
      portions of the IP header and IPv6 extension headers.
    • Tunnel mode SA: authenticates the entire inner IP packet plus
      selected portions of the outer IP header and outer IPv6
      extension headers.
  • ESP
    • Transport mode SA: encrypts the IP payload and any IPv6 extension
      headers following the ESP header.
    • Tunnel mode SA: encrypts the inner IP packet.
  • ESP/AH
    • Transport mode SA: encrypts the IP payload and any IPv6 extension
      headers following the ESP header; authenticates the IP payload
      but not the IP header.
    • Tunnel mode SA: encrypts the inner IP packet; authenticates the
      inner IP packet.
39
IPSec Services Summary
  • Access control: AH, ESP, ESP/AH
  • Integrity: AH, ESP/AH
  • Authentication: AH, ESP/AH
  • Anti-replay: AH, ESP, ESP/AH
  • Confidentiality: ESP, ESP/AH
  • Limited traffic flow confidentiality: ESP, ESP/AH